Fifth Version of Tinba Trojan Expands to Target Asian Banks

Exterminator

Oct 23, 2012
Tinba is a well-known banking trojan that has been wreaking havoc among users for the past five years, ever since its source code was leaked online.

Over time, the trojan, also known as Tinybanker, Zusy or HµNT€R$, has had four major versions. In a report from F5 Labs, the cyber security vendor announces a fifth version, one that has received special updates so it can target banks from the APAC (Asia-Pacific) region, a territory in which Tinba hasn't been very active until now.

This fifth version, named Tinbapore, doesn't differ too much from previous versions, and still works in the same way.

It infects users through spam, it goes on to gain boot persistence via a rootkit, it initiates conversations with a C&C server after scanning and collecting data from the victim, and then goes on to hijack the user's browsers.

Whenever the user accesses a Web-based banking portal or Web-based payments system, the malware will use Web injection techniques to insert malicious JavaScript code in the page, and collect the user's credentials and other financial information. This data is later used for making fraudulent transactions.

More than half of Tinbapore infections were recorded in the APAC region

Differences from previous versions include the usage of a domain name generation algorithm that makes it harder for security researchers to track down its C&C, and its own separate explorer.exe process that runs in the operating system's background.

According to F5 researchers, the campaign responsible for spreading this most recent version of Tinba originates from Russian domain names.

Furthermore, most of its targets are located in Singapore, the country from which Tinbapore's name was derived. Second to Singapore's 30% we find Indonesia with 20%, another APAC country, and also Malaysia with 5%.

"Financial institutions in APAC are not the only ones at risk; the malware has also targeted institutions in the Europe, Middle East, and Africa (EMEA) region and the Americas," F5 researchers reveal. "However, it is clear that the majority of attacks target financial institutions in Asia and the Pacific."
 
